VARIoT latest news about IoT security

Google Android August 2021 Security Patch Vulnerabilities: Discover and Take Remote Response Action Using VMDR for Mobile Devices \| Qualys Security Blog Related entries in the VARIoT vulnerabilities database: VAR-202109-0210, VAR-202109-0211, VAR-202109-0374, VAR-202109-0377, VAR-202109-0212 Trust: 5.25 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Aug. 13, 2021, 11:19 p.m.	Vulnerabilities: buffer overflow, information disclosure

Affected products

External IDs

vendor:	samsung	model:	mobile devices
vendor:	samsung	model:	samsung
vendor:	samsung	model:	mobile
vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2021-1916, CVE-2021-1920, CVE-2021-1976, CVE-2021-0519, CVE-2021-1972, CVE-2021-1919

Identified Vulnerabilities Fixed in Apple + Microsoft Patches Related entries in the VARIoT vulnerabilities database: VAR-202108-2057 Trust: 3.0 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Dec. 20, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-30883

Cisco Unified Communications Products Path Traversal Vulnerability Trust: 5.25 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 3, 2021, 3:46 p.m.	Vulnerabilities: path traversal

Affected products

External IDs

vendor:

cisco

model:

unified communications

Microsoft warns of nasty new macOS vulnerability with an excellent name \| TechRadar Related entries in the VARIoT vulnerabilities database: VAR-202108-2056 Trust: 4.0 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Oct. 29, 2021, 1:44 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2021-30892

MITRE, CISA Reveal Dangerous Hardware & Software Vulnerabilities \| eSecurityPlanet Trust: 3.5 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 4, 2021, 8:10 p.m.	Vulnerabilities: information leak, improper access control

Affected products	External IDs

Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks Related entries in the VARIoT vulnerabilities database: VAR-202109-1315, VAR-202109-1420, VAR-202109-0331, VAR-202109-1313, VAR-202104-0751, VAR-202109-1311, VAR-202108-2057, VAR-202104-0753, VAR-202109-1419, VAR-202109-1307, VAR-202109-1380, VAR-202104-0750, VAR-202109-1316 Trust: 4.5 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Oct. 11, 2021, midnight	Vulnerabilities: memory corruption, code execution

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	ipod touch
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2021-30665, CVE-2021-30762, CVE-2021-1872, CVE-2021-30663, CVE-2021-1871, CVE-2021-30661, CVE-2021-30883, CVE-2021-1879, CVE-2021-30761, CVE-2021-30657, CVE-2021-30713, CVE-2021-1870, CVE-2021-30666

CVE - CVE-2021-1572 Related entries in the VARIoT vulnerabilities database: VAR-202108-0310 Trust: 3.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	series
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	series

db:

NVD

ids:

CVE-2021-1572

CVE - CVE-2021-34718 Trust: 3.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	ios xr
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	cisco ios xr
vendor:	cisco systems	model:	ios xr
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	ios xr software
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	cisco ios xr

db:

NVD

ids:

CVE-2021-34718

Update Now: Apple Patches iOS, Mac Attack That Uses Malicious PDFs to Hack Devices Related entries in the VARIoT vulnerabilities database: VAR-202108-2172, VAR-202108-1057 Trust: 4.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Sept. 13, 2021, 8:49 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	safari
vendor:	apple	model:	watchos
vendor:	apple	model:	tvos

db:

NVD

ids:

CVE-2021-30858, CVE-2021-30860

BlackBerry's Cybersecurity Flaw May Affect Your Medical Device \| mddionline.com Trust: 4.0 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Aug. 17, 2021, 8:34 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

blackberry

model:

blackberry

db:

NVD

ids:

CVE-2021-22156

Cisco IP Phone Software Arbitrary File Read Vulnerability - Cisco Related entries in the VARIoT vulnerabilities database: VAR-202110-0201 Trust: 3.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Oct. 6, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	cisco	model:	wireless ip phone 8821
vendor:	cisco	model:	ip phone 8821
vendor:	cisco	model:	ip phone 7800
vendor:	cisco	model:	ip phone

db:	NVD	ids:	CVE-2021-34711
db:	POSITIVE TECHNOLOGY	ids:	ID:1633536661356243

CVE - CVE-2021-1592 Trust: 5.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	ucs manager
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	cisco ucs manager
vendor:	cisco systems	model:	ucs manager
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	cisco ucs manager

db:

NVD

ids:

CVE-2021-1592

Majority of consumer IoT vendors still lack vulnerability disclosure programs - report \| The Daily Swig Trust: 3.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 4, 2021, 3:17 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

About the security content of iOS 14.8 and iPadOS 14.8 - Apple Support Related entries in the VARIoT vulnerabilities database: VAR-202108-2077, VAR-202110-1677, VAR-202110-0945, VAR-202110-1610, VAR-202110-1684, VAR-202110-1513, VAR-201401-0579, VAR-202110-1622, VAR-202108-2172, VAR-202110-1512, VAR-202108-2078, VAR-202110-1620, VAR-202110-1428, VAR-202110-1621, VAR-202110-1608, VAR-202108-1057, VAR-202108-2072, VAR-202108-2122, VAR-202110-1514 Trust: 5.25 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 14, 2022, midnight	Vulnerabilities: integer overflow, use after free, memory corruption...

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	webkit
vendor:	apple	model:	ipod touch

db:

NVD

ids:

CVE-2021-30859, CVE-2021-30823, CVE-2021-30820, CVE-2021-30818, CVE-2021-30847, CVE-2021-30842, CVE-2013-0340, CVE-2021-30846, CVE-2021-30858, CVE-2021-30843, CVE-2021-30855, CVE-2021-30849, CVE-2021-30834, CVE-2021-30848, CVE-2021-30836, CVE-2021-30860, CVE-2021-30857, CVE-2021-30852, CVE-2021-30841

GRIMM Private Vulnerability Disclosure Program Reveals Netgear SOHO Devices Vulnerability \| Business Wire Trust: 5.0 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Sept. 21, 2021, 10 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

netgear

model:

router

About the security content of iOS 15.0.2 and iPadOS 15.0.2 - Apple Support Related entries in the VARIoT vulnerabilities database: VAR-202108-2053, VAR-202108-2054, VAR-202108-2057 Trust: 5.0 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Oct. 11, 2021, midnight	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipod touch

db:

NVD

ids:

CVE-2021-30896, CVE-2021-30895, CVE-2021-30883

Routers, NAS and phones hacked in Pwn2Own competition Trust: 3.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 5, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	netgear	model:	r6700v3
vendor:	netgear	model:	router
vendor:	cisco	model:	routers
vendor:	cisco	model:	series
vendor:	cisco	model:	rv340
vendor:	cisco	model:	router
vendor:	trend micro	model:	security
vendor:	samsung	model:	mobile
vendor:	samsung	model:	printers
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	mobile phones
vendor:	samsung	model:	printer
vendor:	trend	model:	security
vendor:	lexmark	model:	lexmark
vendor:	lexmark	model:	printer

Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access Related entries in the VARIoT vulnerabilities database: VAR-202111-0664 Trust: 5.5 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Nov. 5, 2021, 6:15 a.m.	Vulnerabilities: denial of service, command injection

Affected products

External IDs

vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	cisco asyncos
vendor:	cisco	model:	small business series
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	small business series switches
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	small business
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	asyncos
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	series switches
vendor:	cisco	model:	cisco email security appliance
vendor:	cisco	model:	series
vendor:	cisco	model:	email security appliance
vendor:	cisco systems	model:	cisco small business
vendor:	cisco systems	model:	cisco asyncos
vendor:	cisco systems	model:	small business series
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	small business series switches
vendor:	cisco systems	model:	policy suite
vendor:	cisco systems	model:	small business
vendor:	cisco systems	model:	catalyst
vendor:	cisco systems	model:	asyncos
vendor:	cisco systems	model:	cisco policy suite
vendor:	cisco systems	model:	series switches
vendor:	cisco systems	model:	cisco email security appliance
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	email security appliance

db:

NVD

ids:

CVE-2021-40113, CVE-2021-34795, CVE-2021-34741, CVE-2021-40119, CVE-2021-40112, CVE-2021-34739

Bluetooth vulnerabilities raise red flags about connected device security Trust: 4.75 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Sept. 9, 2021, 7:32 a.m.	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:

sonos

model:

sonos

Highly Critical Cisco Equipment Hijacking Vulnerabilities - Bestgamingpro Trust: 6.0 Fetched: Nov. 9, 2021, 12:59 p.m., Published: Jan. 16, 2021, midnight	Vulnerabilities: command injection

Affected products

External IDs

vendor:	cisco	model:	policy suite
vendor:	cisco	model:	policy suite software
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	series switches
vendor:	cisco	model:	series

db:

NVD

ids:

CVE-2021-40112, CVE-2021-34795

VARIoT news about IoT security